Abstract: DDoS attacks are relevant threats that continue to grow in number, power, and complexity. These attacks not only appear as stealthy and fast variants at different network layers, but also adapt their behavior and objectives, increasingly targeting less protected devices, particularly those prevalent in Internet of Things (IoT) environments. Recent studies have demonstrated the effectiveness of paradigms such as Software-defined Networking (SDN), and its complete realization through programmable data planes, for the detection and mitigation of DDoS attacks. However, the complexity of real-world implementation, especially with the Programming Protocol-Independent Packet Processors (P4) language (the de facto standard for programmable data planes), has posed significant challenges, prompting researchers to concentrate primarily on simulation-based approaches. In this work, we propose an SDN-based Intrusion Prevention System (IPS) that leverages coordination between the programmable data plane and the control plane to detect and mitigate slow-rate DDoS attacks in IoT environments. A decision tree model is deployed within a programmable (P4) switch to detect the attacks. An SDN controller is then responsible for generating mitigation policies and deploying them to the programmable switches, effectively blocking malicious flows. Notably, we implement our solution on a high-performance Tofino P4 ASIC switch, achieving an accuracy of up to 88.74% in detecting attacks, with fewer than 3% false positives in mitigation. Our implementation offers an alternative for protecting IoT environments, fills a gap by addressing understudied slow-rate attacks, and bridges theoretical and physical implementations of programmable data planes.
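As an added illustration (not the paper's code or its trained model), the following Python sketch shows the mechanics the abstract describes: a small decision tree is flattened into range-match table entries of the kind a P4 match-action table can hold, a switch-side lookup classifies per-flow features against those entries, and a controller turns each flagged flow into a drop rule. The features, thresholds, tree and sample flows are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical per-flow features a P4 pipeline could track (assumption):
# mean packet length in bytes and mean inter-arrival time in ms, with value bounds.
FEATURES = {"pkt_len": (0, 1500), "iat_ms": (0, 60000)}

@dataclass
class Node:
    feature: Optional[str] = None   # None marks a leaf
    threshold: int = 0              # go left when value <= threshold
    left: Optional["Node"] = None
    right: Optional["Node"] = None
    label: str = ""                 # leaf label: "attack" or "benign"

# Toy tree standing in for a trained model (assumption): small packets that
# arrive slowly on a long-lived flow are treated as a slow-rate flow.
TREE = Node("pkt_len", 100,
            left=Node("iat_ms", 1000, left=Node(label="benign"),
                      right=Node(label="attack")),
            right=Node(label="benign"))

Entry = Tuple[Dict[str, Tuple[int, int]], str]

def tree_to_entries(node: Node, bounds=None) -> List[Entry]:
    """Flatten the tree into one entry per leaf: a conjunction of [lo, hi]
    ranges over the features, i.e. the form a range-keyed table expects."""
    bounds = dict(FEATURES) if bounds is None else bounds
    if node.feature is None:
        return [(bounds, node.label)]
    lo, hi = bounds[node.feature]
    left = {**bounds, node.feature: (lo, min(hi, node.threshold))}
    right = {**bounds, node.feature: (max(lo, node.threshold + 1), hi)}
    return tree_to_entries(node.left, left) + tree_to_entries(node.right, right)

def switch_classify(entries: List[Entry], flow: Dict) -> str:
    """Emulate the data-plane lookup: first entry whose ranges all match wins."""
    for ranges, label in entries:
        if all(lo <= flow[f] <= hi for f, (lo, hi) in ranges.items()):
            return label
    return "benign"   # table miss: default action keeps forwarding

def controller_policy(entries: List[Entry], flows: List[Dict]) -> List[Dict]:
    """Controller side: one 5-tuple drop rule per flow the switch flagged."""
    keys = ("src", "dst", "sport", "dport", "proto")
    return [{"match": {k: f[k] for k in keys}, "action": "drop"}
            for f in flows if switch_classify(entries, f) == "attack"]

# Constructed sample flows (not from the paper): one slow, tiny-packet flow and one normal one.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.1", "sport": 40001, "dport": 80, "proto": 6, "pkt_len": 60, "iat_ms": 15000},
    {"src": "10.0.0.7", "dst": "10.0.0.1", "sport": 40002, "dport": 80, "proto": 6, "pkt_len": 900, "iat_ms": 20},
]
```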